Keeping Pirates at Bay

Getty Images
(Image credit: Getty Images)

LONDON—The summer’s tentpole movie was more than a box office disappointment and lawsuit catalyst for Scarlett Johansson; Marvel’s Black Widow was also the most pirated movie of the pandemic era, as reported by TorrentFreak. One possible culprit (apart from the temptation to see Ray Winstone attempt a Russian accent) is simultaneous digital distribution, the practice of releasing a film on VoD and in theaters at the same time. 

Not only is this potentially harming earnings (the complaint behind Johansson’s legal action), it arguably makes the most valuable assets the most vulnerable. 

“The opportunity for cyberattacks to occur is elevated as the risk of disruption from these digital releases increases during high-profile events, mainly if a film is available to download and stream at the same time as a cinema release,” says Eric Elbaz, strategic engagement manager—Broadcasting Media, Akamai. “Pirates and threat actors are opportunistic in nature and will take advantage of high-profile releases to maximize their impact and return on investment. Companies must be aware of this trend and take action to mitigate the risks.”

Looking outside the Hollywood bubble, cyberattacks are on the rise the world over; ransomware attacks in particular were up 151% in the first half of 2021 (compared to the same time in 2020), according to data from Atlas VPN. And yet the media industry is under unique pressure to keep its materials under wraps, according to Christopher J. Chan, Partner at international law firm Eversheds Sutherland.

“While ransomware attacks and breaches in customer data privacy have been well publicized in other industries,” Chan said, “the reliance of the media industry on maintaining confidentiality in a motion picture product makes the media industry particularly prone to the adverse effects of a successful cyberattack which may compromise the details of an otherwise motion picture product, such as a plot or storyline, or surprise ending to a movie.” 

Without a team of superheroes to protect them, how can media companies defend this content from increasingly sophisticated forms of piracy? The trend towards content protection offers something in the way of security, a combination of authentication, encryption and watermarking to prevent assets from being copied.

Darren Lepke, head of video product management at Edgecast. (Image credit: Edgecast)
(opens in new tab)

“We see greater investment than ever in protecting content, especially as the nature of how content is delivered continues to evolve,” confirms Darren Lepke, head of video product management at Edgecast. “As content availability increases, we’re likely to see content providers apply more pressure on OTT platforms to support advanced solutions like watermarking and proactive monitoring, in addition to standard methods like DRM, encryption, and user authentication.

“We anticipate that watermarking solutions will become crucial, particularly for live sports,” Lepke continued. “Forensic watermarking will enable platforms to identify unauthorized traffic and determine which streams are being compromised so that security professionals can quickly shut them down.”

Even with this increased investment, content protection is a far from perfect solution, as Chan explains: “No content protection technology has yet proven 100% effective against video and streaming piracy, and the sophistication of pirates and infringers appears to increase with each advance of new content protection technology... It is still an open question as to whether content protection technology will ever be strong enough to prevent the unauthorized pirating and distribution of video and streaming content.” 

Christopher Chan, partner at Eversheds Sutherland. (Image credit: Eversheds Sutherland)
(opens in new tab)

Deploying content protection in tandem with other cybersecurity protocols makes for more robust defences, both prior to and after a product’s release.

“Content protection and cybersecurity need to cooperate with each other to provide effective protection against bad actors as well as convenient and easy access to video and streamed content by authorized consumers,” notes Chan. “During development and production, as well as after the public release of video and streamed content, such content should be sufficiently protected with both content protection measures as well as effective cybersecurity for associated networks and computers. The lapse in sufficient protection of video and streamed content by either content protection or by cybersecurity will likely jeopardize the economic value in the video and streamed content.”

On the network side, regular testing of a system’s defenses adds another layer of protection against piracy. Wayne Pecena, director of engineering at KAMU TV/FM at Texas A&M University, and past president of SBE, advocates “penetration testing,” which seeks to discover and exploit security flaws in an IT system.

Wayne Pecena,  director of engineering at KAMU TV/FM at Texas A&M University. (Image credit: KAMU TV/FM at Texas A&M University)
(opens in new tab)

“A pen test is executed by an ‘ethical’ hacker or ‘white hack’ hacker,” he explains. “The goal is to proactively find security flaws and correct in lieu of system flaws discovered by an actual cybersecurity event. Pen testing is a key aspect of a security audit.” Employing hacking tools such as NMAP or METASPLOIT, the would-be hacker carries out network reconnaissance, uncovers points of vulnerability and tests default logins. 

“I view penetration testing as the ‘proof of performance’ for the broadcast IT environment to verify the cybersecurity prevention measures that you think are in place really work,” says Pecena.

Emerging technologies such as AI and 5G will also have a key role to play in cybersecurity operations, and could be particularly powerful tools when combined.

Elbaz uses the following example: “AI can monitor shifts in internet traffic that may signal the start of an attack. 5G technologies can enable the fastest response possible by allowing AI to perform at-the-edge inference analysis and mitigation within milliseconds of detecting an oncoming attack.” 

By accelerating the speed of data analysis and enriching the granularity of detection, the efficiency of cybersecurity could be considerably enhanced. But so too could the attacks themselves; just as supervillains come in evil versions of their nemeses’ armor, hackers will harness the same technology used by media companies and the arms race wages on.

In the end these villains are thwarted when the heroes work together in ways that are unavailable to the forces of greed, and Philip James, Partner at Eversheds Sutherland, sees an opportunity for companies to provide something communal that pirates cannot, by using technology creatively.

“There is nothing like the shared experience of the theater,” he argues. “The more unique or distinct a theatrical performance can be, whether via virtual reality, 3D, in-theatre special effects, hospitality, exclusive content, trailers and interviews with directors and actors, the better opportunity there is for content creators to maintain an edge over hackers... by making the official content the best experience it can be.”